James R. Mirick sets the record straight on things he cares about

Laptop Theft, Data Theft

Some very interesting stats from SearchSMB.com, a tech email newsletter:

The average business loses about 5% of its laptop computers per year to theft;

The FBI says 2 million laptops are stolen every year in the US;

The FBI itself loses 3 – 4 laptops per month.

Laptops are stolen in almost any conceivable situation — offices, homes, cars, planes, coffee shops, you name it. If the FBI can’t protect theirs, you are going to have trouble yourself.

Leaving out any monetary issues with the theft, the greater problem is the data on the computer’s hard drive. Just a couple of weeks ago, the Chicago School District lost two laptops that contained the names and SSNs of up to 40,000 current and past employees, and this is of course only the most recent loss of personal data by various corporations and governmental agencies. I used to blog on these, but they’ve become so frequent that I’ve essentially given up, as I would have no room to write much of anything else. Here’s a Wikipedia article with more details if you can stand to read it.

Well, there are lots of ways to secure your laptop physically, but given the stats it would seem you have a pretty good chance of having your machine stolen at some point. Assuming you care about your privacy, are you doing anything to protect yourself, or are you just giving away all your personal data to whoever grabs the box? Personally, I’m much more worried about preventing a thief from getting all my passwords, or access to my tax returns, or whatever, than I am about recovering the machine. So make the assumption that you’re going to be ripped off, and take a few precautions to lock down your stuff:

Keep your online IDs and passwords in a software vault like Password Safe. It uses government-grade encryption, and it’s free. A master password gets you in, and then you copy / paste the passwords into the application. Tres easy.

Select passwords that have a little substance to them, so they can’t be cracked by brute-force methods. My recommendations are here.

Select files or directories that you really want to keep private, and encrypt them on the disk using TrueCrypt. Again, government-grade encryption, and it’s free. With TrueCrypt you can access your files from your programs just as if they weren’t encrypted, but they actually are, and there’s no intermediate decrypt step to use them.

Don’t save your IDs / passwords in the browser, except for sites like newspapers or newsgroups that you don’t care much about.

People don’t use USB drives often enough. Get a USB keychain drive and put important files on it (encrypted if you wish), and then store or carry it apart from the laptop, so if the laptop gets honked off, they don’t have the data. This might not protect you from a smash-and-grab artist at a coffee shop (where the USB drive might be plugged in!) but lots of the time it’s a good solution. But don’t forget to have the data on the USB backed up carefully; these things are NOT persistent magnetic storage and are subject to disruption by being laundered or otherwise abused.

So there you have it. The goofs in these big companies can’t seem to get their ducks lined up, but you certainly can. And it’s your data.